|Shmoocon 2015 Videos: Playlist Version|
Videos from Shmoocon 2015, held in Washington DC, January 16-18, 2015. These are the full videos recorded and available from the event, put into one item to allow playlisting. Individual talk items are currently available as well.
|ShmooCon 2014 - Controlling USB Flash Drive Controllers: Expose of Hidden Features - Richard Harman|
Controlling USB Flash Drive Controllers: Expose of Hidden Features Richard Harman With stories of "BadBIOS" infecting PCs simply by connecting a malicious USB flash drive to a PC, it's time we learned about flash drives and their controllers. Consumer USB flash drives are cheap, growing in capacity and shrinking in physical size. There are only around 15 prominent controller chip manufacturers whom you have never heard of, but OEM for all the popular and respected "name brands" on the market...
|OHM2013: Sprite_tm - Hard Disks More Than Just Block Devices|
In this talk, we take a look at one of the more obscure parts of an hard disk: the HD controller. In any cheapo disk, it should do nothing more than channel bits between the SATA-port and the heads on the platter, but what does it actually consist of? And can we make it do some more interesting things? From an OS view, a hard disk is a very simplistic device: any block you write to it, you can read back later in it's exact same form...
Keywords: OHM2013; Sprite_tm; Jeroen; hard disk; controllers; hack; porting; linux
|Intro to Scanning Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin @webpwnized|
Intro to Scanning Nmap, Hping, Amap, TCPDump, Metasploit, etc. Jeremy Druin @webpwnized http://www.irongeek.com/i.php?page=videos/intro-to-scanning-nmap-hping-amap-tcpdump-metasploit-jeremy-druin
Keywords: hacking; security
|Rainbow Tables Collection (Shmoo and Distrrtgen)|
|Host Vulnerability Assessment with Nessus, NeXpose and Metasploitable 2|
Host Vulnerability Assessment with Nessus, NeXpose and Metasploitable 2 from Jeremy Druin
Keywords: hacking; security. owasp; pen-testing
|OHM2013: Breaking The Taboo (With QA) (film screening)|
Screening of cult film "Breaking the Taboo" - a documentary uncovering the failure of the UN sanctioned war on drugs followed by Q&A with Countess Amanda Fielding of the Beckley Foundation, Annie Machon of Law Enforcement Against Prohibition (LEAP), and John Gilmore The War on Drugs has failed. After 50 years of prohibition, illicit drugs are now the third most valuable industry in the world after food and oil, all in the control of criminals...
Keywords: OHM2013; talk; Amanda Fielding; Annie Machon; John Gilmore; screening; beckley foundation; LEAP; Law Enforcement Against Prohibition; prohibition; drug; drugs; narcotics
|066 Bluetooth Hacking|
066 Bluetooth Hacking
|ShmooCon2014 - Arms Race: The Story of (In)-Secure Bootloaders - Lee Harrison and Kang Li|
Arms Race: The Story of (In)-Secure Bootloaders Lee Harrison and Kang Li Secure boot is the process that ensures the critical parts of software (e.g. kernel) running on a device are authorized and have not been tampered with. Many wireless service providers prefer to have a locked down version of their smartphones that can only boot the official kernel, and do not allow loading customized systems developed by users...
|26c3-3647-de-ckan apt-get for the debian of data|
26c3-3647-de-ckan apt-get for the debian of data
|DeepSec 2007 Audio - DeepSec|
RPC Auditing Tools and Techniques Aaron Portnoy, Cody Pierce, TippingPoint Security Research Team RPC auditing is currently a tedious and manual process. When complex embedded structures, arrays, and unions are present in an IDL, coding the client involves much debugging and time. The discussed tools are the culmination of a few weeks worth of research performed by Aaron Portnoy and Cody Pierce that allow a researcher to very quickly be able to communicate and audit an RPC server...
Keywords: deepsec; hacker; conference; anarchivism
|215 The Incomputable Alan Turing|
215 The Incomputable Alan Turing
|27c3-4208-en-wideband gsm sniffing|
27c3-4208-en-wideband gsm sniffing
|ShmooCon 2014 - Introducing idb - Simplified Blackbox iOS App Pentesting - Daniel A. Mayer|
Introducing idb - Simplified Blackbox iOS App Pentesting Daniel A. Mayer More than ever, mobile apps are used to manage and store sensitive data by both corporations and individuals. In this talk, we review common iOS mobile app flaws involving data storage, inter-process communication, network communications, and user input handling as seen in real-world applications. To assist the community in assessing security risks of mobile apps, we introduce a new tool called 'idb' and show how it can be ...
|Pen-testing practice in a box :How to assemble a virtual network|
http://www.irongeek.com/i.php?page=videos/pen-testing-practice-in-a-box-how-to-assemble-a-virtual-network This is a re-upload, the last one had audio issues Presenter: Jeremy Druin Topics Virtual Box Installation Installing virtual machines Configuring virtual networks - bridged, nat, hostonly USB devices in virtual machines Wireless networks in virtual machines Installing Guest Additions How to install Mutillidae in Windows on XAMPP How to install Mutillidae in Linux Samurai Video Tutorials: ww...
Keywords: hacking; mutillidae; owasp; security
|Blackhat RealMedia Collection|
Blackhat RealMedia Collection
|ShmooCon 2012 Firetalks|
ShmooCon 2012 Firetalks
Keywords: hacking; security; shmoocon
|OHM2013: Ronald van der Knijff - Forensic Hardware Hacking @NFI|
Forensic Hardware Hacking History - Behind the scenes of the Netherlands Forensic Institute (NFI). Historical overview of hardware methods and tools for digital forensics. Real case examples included. Topics covered include: - How to fool a DES FPGA hacker in the nineteenth century - Brute force robotics - ZERT-box – user friendly cracking of PDA passwords - Reloading phone cards with fault injection - IKEA bomb threat with mobile phones - MTK – Forensic Flash Imaging - Bank robbery attem...
Keywords: OHM2013; talk; Ronald van der Knijff; forensic; hardware; hacking; FPGA; DES; EMV; smartcard; criminals; elections; bank robbery; COTS; MITM; Man in the middle; Netherlands Forensic Institute; NFI
|Hack3rcon 3 (2012)|
Videos of the talks from Hack3rcon 3 (2012)
Keywords: hacking; security; hack3rcon
|Bsides Cleveland 2012 BsidesCLE|
Videos from Bsides Cleveland 2012 All videos and download links are at: http://www.irongeek.com/i.php?page=videos/bsidescleveland2012/mainlist
Keywords: security; hacking
Downloads: 1,082 (1 review)
|Techniques for 4kb Intro Development - S-Tec and Dave 'Polaris' Valentine|
The demoscene emerged from the fusion of art and technical innovation. Nothing quite captures this spirit as much as the challenge of creating a full production with music, sound and graphics in 4096 bytes or less. This seminar of 4kb intro development will contrast standard demo development to 4kb intro development, and provide a brief synopsis of various tips for 4kb intro development. While this is a technical discussion, it will cover basic concepts so it will be accessible to a beginner as ...
|Derbycon 2012 Day 1|
Derbycon 2012 Day 1
Keywords: derbycon; hacking; security; louisville
|Notacon 9 Videos|
Notacon 9 Videos
Keywords: hacker; maker; notacon
|Jason Scott's Presentation Presentation - Jason Scott|
During the preview evening of Notacon 6 in Cleveland, Ohio, Jason Scott, a frequent presenter at Notacon and other events, offered to give a presentation on the art of presenting. Subjects covered include motivation, performance, content, common pitfalls, frequent harbingers of narrative/presentation doom, and memories of presentations gone right and wrong. The speech was recorded with a static hi-def recorder, so Jason does walk offscreen or get cut off at various junctions, but his voice remai...
Keywords: presentation; jason scott; notacon
Downloads: 2,029 (1 review)
|Encrypted P2P and VOIP with Cutlass - Todd MacDermid|
encrypted p2p and voip spaces with cutlass Users on the internet are doing more and more of their daily work over peer-to-peer applications. Existing protocols such as SMTP and IRC are being replaced by peer-to-peer file transfer, voice chat, and text messaging systems. Unfortunately, the popular protocols are not secure, and the secure protocols are not popular. In this talk, we will talk about the security properties of the existing peer-to-peer systems, as well as describing an open-source sy...
|The DEFCON 1 Cannonball Run ISO|
ISO of Items related to the DEFCON Cannonball Run
|ShmooCon 2014 - Timing-Based Attestation: Sexy Defense, or the Sexiest? - Xeno Kovah, Corey Kallenberg, and John Butterworth|
Timing-Based Attestation: Sexy Defense, or the Sexiest? Xeno Kovah, Corey Kallenberg, and John Butterworth What if I told you it's possible to ask a drunk person if he's drunk - and get an accurate answer, by measuring the reaction time? What if I told you it's possible to design security software under the assumption that the attacker has the same privileges as the defender, and the attacker can scribble over and modify the defender's code as much as he wants, but he'll still get caught? This i...
|OHM2013: Elger Jonker - Twilight: Dissecting a warez CD series|
Every month for eight years a warez compilation disc was released under the name Twilight. Selling over 60.000 each month, not getting caught and transforming from piece of art to shrinkwrap. From the mid-ninenties to the early 2000's a warez compilation cd was released under the name Twilight. It featured the latest and greatest in games and applications and was sold for 25 Dutch guilders via friends and collegues...
Keywords: OHM2013; talk; Elger Jonker; Twilight; warez
|178 Humanoid Robots|
178 Humanoid Robots
|OHM2013: Henry Story/bblfish - The Secure Social Web|
We will give a very quick overview of progress in developing the global social web using linked data, WebID authentication and Web Access Control.Event program page: https://program.ohm2013.org/event/98.html
Keywords: OHM2013; Henry Story; bblfish; social web; secure; security; WebID authentication; WebID; Web Access Control; WAC; linked data
|Covert Crawling: A Wolf Among Lambs - Acidus|
Web application IDS evasion techniques and countermeasures is a mature area of study. LibWhisker-based apps and Snort have been in a tug-of-war for years. However, the initial reconnaissance of a website or web app has been largely neglected. Its either done by hand (which is tedious) or with a traditional crawler like wget (which is very noisy). An automated crawl appears as an enormous spike in hit count and byte transfer that is well outside the bell-curve for normal users...
Keywords: Shmoocon; 2006; Acidus; Covert Crawling; Hackercons; Presentation; Hacking; Hackers
|Webstock '11 Concert with Amanda Palmer and Jason Webley - Webstock|
Webstock '11 Concert with Amanda Palmer and Jason Webley
Keywords: Webstock 2011; Webstock; Amanda Palmer; Jason Webley
|Derbycon 2012 Day 3|
Derbycon 2012 Day 3
Keywords: derbycon; hacking; security; louisville
Outerz0ne 2009 hacker con Uploading it here after moving it from Blip. Just want it to be preserved.
Keywords: hacker; con; security
|ShmooCon Epilogue 2012|
ShmooCon Epilogue 2012
Keywords: security; hacking; cyber
|2007 BlackHat Vegas-V38-Krawetz-A Pictures Worth.mp4|
2007 BlackHat Vegas-V38-Krawetz-A Pictures Worth.mp4
|Louisville Infosec 2012 Videos|
Videos from the Louisville Infosec 2012.
Keywords: louisvile; infosec; security; hacking; lock picking
|OHM2013: Rick van Rein - The road to Free Telephony is paved with IPv6|
The progress of free telephony is hindered by IPv4 and, specifically, NAT traversal issues. SIP over IPv6 on the other hand, is a triviality. This lecture details how to roll out SIP over IPv6 in today's world, including the tools necessary for doing so. As long as SIP depends on IPv4, it depends on NAT traversal techniques. That includes a dependency on an external RTP proxy and thus, for most users, on a telecom operator...
Keywords: OHM2013; talk; Rick van Rein; IPv6; SIP; telephony; IPv4; NAT; RTP; proxy; telecom; OpenFortress; SIPproxy64; 6bed4; peer-to-peer; p2p; peer to peer; 0cpm; ENUM
|OHM2013: Vesna Manojlovic (BECHA) - How to rule the Internet (together with everybody else)|
How to rule the Internet (together with everybody else) Internet Governance and Hackers: what do they have in common What I want to achieve with my lecture is: * to enrich & diversify existing Internet Governance communities with young generation and "new blood" * to empower hackers, activists and free-software communities in influencing decisions in Internet Governance * to increase understanding and cooperation between these communities.....
Keywords: OHM2013; talk; Vesna Manojlovic; BECHA; Internet governance; hackers; internet; networking
|242 Weird Programming 1|
242 Weird Programming 1
Keywords: main; maln; nicht; wie; programming; braucht; welt; cug; die; weird; main main; weird programming; nicht braucht; welt nicht; die welt; main maln; maln main; cug cug; maln maln; define main
|wth wifi and 500km 88|
wth wifi and 500km 88
Videos from AIDE 2012 Videos embedded at http://www.irongeek.com/i.php?page=videos/aid2012/mainlist
Keywords: hacking; security; forensics
|OHM2013: Ajin Abraham - Abusing Exploiting and Pwning with Firefox Add-ons|
|8 Dirty Secrets of the Security Industry - Bruce Potter|
The fox is guarding the hen house, and both the fox and the hens are making a lot of money in the process. Such is the state of the security industry in 2007. For the last 15 years, we have been building security into our networks and applications using concepts like "defense in depth" and "layered security." It turns out, that the attackers are now leveraging our security systems against us. Worse, we have made the security industry a self feeding, self fulfilling prophecy that may actually be ...
|110 Applied Data Mining|
110 Applied Data Mining
Keywords: mining; data; features; rule; applied; association; introduction; dhcwg; rule mining; data mining; association rule; applied data; mining introduction; introduction features; features exploration; mining data
|Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC) - Adrian Crenshaw|
Demo video on Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC)
Keywords: OpenSSL; AES 128; ECB; CBC
Keywords: SkyDogCon; nashville; hacking; security
|ShmooCon 2014 - How to Train your Snapdragon: Exploring Power Frameworks on Android - Josh "m0nk" Thomas|
How to Train your Snapdragon: Exploring Power Frameworks on Android Josh "m0nk" Thomas Have you ever wondered how power is routed around your phone, how it is stored and if it could be made dangerous? I have, and I somehow talked the DARPA Cyber Fast Track group into funding my research into the subject and allowing me to name it: "Project Burner: El Telefono Inteligente de Fuego." The overall goal of the project was: "Can I catch a phone on fire using nothing but the stored energy in the batter...
|Saturday Keynote - Jennifer Granick|
Jennifer Stisa Granick joined Stanford Law School in January 2001, as Lecturer in Law and Executive Director of the Center for Internet and Society (CIS). She teaches, speaks and writes on the full spectrum of Internet law issues including computer crime and security, national security, constitutional rights, and electronic surveillance, areas in which her expertise is recognized nationally. Granick came to Stanford after almost a decade practicing criminaldefense law in California...
|Webstock '11: Jason Cohen - Webstock|
A Geek Sifts Through the Bullshit
Keywords: Webstock 2011; Webstock; Jason Cohen